I hope I found the right spot for this: I'd like to know who controls the version-numbering of mozilla Firefox inside SuSE as it's not quite compatible with what some banks demand despite the fact that there was an update via YOU lately :) I hope I can encourage whoever it is to follow the "official" Mozilla Firefox version-numbering because thats where others look. Novell/SuSE is not big enough to dictate that yet ;) Luckily you had a more reasonable version 1 and half months ago in the supplementary section of the ftp site but not the smartest way to have things done and for some to be able to do some online banking ;) A browser like Mozilla Firefox should be kept much more "current" than in the past. Keep up the good work (generally) at opensuse.org/suse Yours Johan
Johan, On 2006-05-02 at 00:15:35 +0200, Johan N. wrote (shortened):
I'd like to know who controls the version-numbering of mozilla Firefox inside SuSE as it's not quite compatible with what some banks demand despite the fact that there was an update via YOU lately :)
I'm the packager. And I guess you are asking why we "only" ship Firefox 1.0.x with older distributions?
I hope I can encourage whoever it is to follow the "official" Mozilla Firefox version-numbering because thats where others look. Novell/SuSE is not big enough to dictate that yet ;)
Product and project management decides about version upgrades. (And in some cases maybe the security team if there are no other options)
Luckily you had a more reasonable version 1 and half months ago in the supplementary section of the ftp site but not the smartest way to have things done and for some to be able to do some online banking ;)
What is the problem? You say it's not possible to do online banking with Firefox 1.0.x?
A browser like Mozilla Firefox should be kept much more "current" than in the past.
Frankly, Firefox is one of the few packages which got version upgrades at all in the past. Wolfgang Rosenauer -- SUSE - A Novell business -o) Tel: +49-(0)911-740 53 0 Maxfeldstr. 5 /\\ Fax: +49-(0)911-740 53 489 90409 Nuernberg, Germany _\_v
2006/5/2, Wolfgang Rosenauer <stark@suse.de>:
Johan,
On 2006-05-02 at 00:15:35 +0200, Johan N. wrote (shortened):
I'd like to know who controls the version-numbering of mozilla Firefox inside SuSE as it's not quite compatible with what some banks demand despite the fact that there was an update via YOU lately :)
I'm the packager. And I guess you are asking why we "only" ship Firefox 1.0.x with older distributions?
Morning YES when we speak of what is available via the installationmedia/YOU I know that suse isn't known to introduce new versions of applications for the distributions out there officially suse 10 and down. Until 10.1 is on the street I'd still consider 10.0 "recent/current". One area where you should consider this is for browsers and especially for Mozilla Firefox as it's one of the most used in the linux/suse world :)
I hope I can encourage whoever it is to follow the "official" Mozilla
Firefox version-numbering because thats where others look. Novell/SuSE is not big enough to dictate that yet ;)
Product and project management decides about version upgrades. (And in some cases maybe the security team if there are no other options)
Luckily you had a more reasonable version 1 and half months ago in the supplementary section of the ftp site but not the smartest way to have things done and for some to be able to do some online banking ;)
What is the problem? You say it's not possible to do online banking with Firefox 1.0.x?
YES, at least my bank checked against you current versionnumber of Mozilla Firefox and I was told to upgrade (kind of fun as I just pulled it down via YOU seconds before on another PC) ;-)
A browser like Mozilla Firefox should be kept much more "current" than in
the past.
Frankly, Firefox is one of the few packages which got version upgrades at all in the past.
Yes at a very slow pace I may add if we don't consider the supplemental area of the ftp site ;-)
From a: lets get more people using linux/suse it would make a lot of sense increasing the time you have for the purpose of caring for Firefox and keeping it fresh and usable everywhere OK except those sites that have "Made for Micky Mouse" printed all over them ;-)
Yours Johan Wolfgang Rosenauer
-- SUSE - A Novell business -o) Tel: +49-(0)911-740 53 0 Maxfeldstr. 5 /\\ Fax: +49-(0)911-740 53 489 90409 Nuernberg, Germany _\_v
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-packaging-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging-help@opensuse.org
Dear Johan,
One area where you should consider this is for browsers and especially for Mozilla Firefox as it's one of the most used in the linux/suse world :)
unfortunately it's much more complex than that. Mozilla Firefox might look like an example where updating is feasible because no other package depends on it, but it isn't. See: People can install extensions into their Mozilla Firefox profiles, and if a new version is delivered via YOU, most of them won't work correctly any more. Some of them can even invalidate the profile, produce XUL errors, destroy the user interface or even prevent the browser from starting up at all. Do you really want to see such things happen in a released product?
YES, at least my bank checked against you current versionnumber of Mozilla Firefox and I was told to upgrade (kind of fun as I just pulled it down via YOU seconds before on another PC) ;-)
I seriously doubt that the new version is really *required* for the online banking to work correctly. The bank shouldn't check the user agent string.
Yes at a very slow pace I may add if we don't consider the supplemental area of the ftp site ;-)
These packages are half-official and if people really need new versions, they can just add that to their installation sources. Since this directory provides repodata, it works with YaST and is quite easy to set up for everyone. Andreas Hanke -- GMX Produkte empfehlen und ganz einfach Geld verdienen! Satte Provisionen f�r GMX Partner: http://www.gmx.net/de/go/partner
Maybe I should go ahead and try to see if I can tease the bank a little :) 2006/5/2, andreas.hanke@gmx-topmail.de <andreas.hanke@gmx-topmail.de>:
Dear Johan,
One area where you should consider this is for browsers and especially for Mozilla Firefox as it's one of the most used in the linux/suse world :)
unfortunately it's much more complex than that. Mozilla Firefox might look like an example where updating is feasible because no other package depends on it, but it isn't.
See: People can install extensions into their Mozilla Firefox profiles, and if a new version is delivered via YOU, most of them won't work correctly any more. Some of them can even invalidate the profile, produce XUL errors, destroy the user interface or even prevent the browser from starting up at all. Do you really want to see such things happen in a released product?
Yes you better put some efforts on keeping extensions in shape too ;-) Same would happen updating from 10.0 to 10.1 so a little backup old setup before we continue the upgrade would be in order maybe since you care about this topic ;-) Sure I make a copy of my user area every time and have it in a separate partition.
YES, at least my bank checked against you current versionnumber of
Mozilla Firefox and I was told to upgrade (kind of fun as I just pulled it down via YOU seconds before on another PC) ;-)
I seriously doubt that the new version is really *required* for the online banking to work correctly. The bank shouldn't check the user agent string.
I'm certain they have taken the path of ease. Thinking like this how do we get them Firefox users to change behavior or fit into our "system" and hit a few linux people in the process ;-) Of course with the idea of doing the least work possible in that process
Yes at a very slow pace I may add if we don't consider the supplemental
area of the ftp site ;-)
These packages are half-official and if people really need new versions, they can just add that to their installation sources. Since this directory provides repodata, it works with YaST and is quite easy to set up for everyone.
I know and my concern isn't really on my own behalf, but more for newcomers to this wonderful world of linux be it SuSE or other distros :) I'm just looking for insight to make transition from point a to b when we talk about Firefox. People going through the transition from windows to linux would have to deal with the same issues. I suspect it's a daily trifle for you guys as thats the main plan. OK let me stop semi-ranting and get some work done ;-) Johan Andreas Hanke
-- GMX Produkte empfehlen und ganz einfach Geld verdienen! Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-packaging-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging-help@opensuse.org
Hello, Am Dienstag, 2. Mai 2006 09:36 schrieb andreas.hanke@gmx-topmail.de: [...]
YES, at least my bank checked against you current versionnumber of Mozilla Firefox and I was told to upgrade (kind of fun as I just pulled it down via YOU seconds before on another PC) ;-)
I seriously doubt that the new version is really *required* for the online banking to work correctly. The bank shouldn't check the user agent string.
Banks _should_ check the user agent string - I'd call it a security feature. However, there should be a "I know what I am doing" link. BTW: You sometimes don't even need scripts to display such a warning ;-) Just include <!--[if gte IE 5]><div class="use-mozilla">Browser problems?<br> <a href="http://www.mozilla-europe.org/" target="_blank">Firefox. The better browser.</a> </div><![endif]--> in your page. This uses "conditional comments" invented by MS. You know from tv mystery novels when someone gets interrogated by police: everything you say can and will be used against you ;-)) Regards, Christian Boltz PS: Real-world-usage (in german) of the above html sniplet: http://suse-linux-faq.koehntopp.de PPS: There are Firefox plugins to modify the user agent string. Use on of them if really needed. -- Look at Debian... its stable, works on a variety of platforms.... and development is racing along at the speed of a turtle with 3 broken legs. [Joseph M. Gaffney in opensuse]
On Tue, May 02, 2006 at 12:25:06PM +0200, Christian Boltz wrote:
Banks _should_ check the user agent string - I'd call it a security feature. However, there should be a "I know what I am doing" link.
No, this does not make sense at all. There are two things that are important when you want to do secure online transactions: 1. You want to prevent that other people can listen to your communication. This is assured by using a string cipher for the SSL connection. Although there _might_ be some relation between some browser versions and their capabilities to use certain types of ciphers you should check for the actual cipher used and not whether the user is using a tool you _suspect_ to be able to do something. 2. You want to prevent that the user is talking to a server other than the bank's server. Failing here is either a result of an uneducated end user (not checking the correctness of the URL, not checking the certificate, installing a trojan horse by accident) or it is a broken implementation that falsely claims correctness of a certificate that is not. In the first case a check is completely useless. In the second case it is even harmful because a user that talks to the original server might feel perfectly secure when he receives some warnings about security problems. He might think that he is perfectly secure when he does not get warned about security problems but someone that makes you use a faked server will most likely never give you a security warning whatever you do. Robert -- Robert Schiele Tel.: +49-621-181-2214 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de "Quidquid latine dictum sit, altum sonatur."
Hi,
Banks _should_ check the user agent string - I'd call it a security feature.
I disagree because they are obviously doing it incorrectly. The latest YOU for 10.0 is MozillaFirefox-1.0.8 (a version upgrade, btw.) which has all security fixes and does not differ from the upstream versioning scheme in any way. And it's not their business what browsers people use (if they use a browser sniffer, will it allow Konqueror, Epiphany?), it doesn't make anything more secure and the update policy can't take all eventualities into account anyway. Andreas Hanke -- GMX Produkte empfehlen und ganz einfach Geld verdienen! Satte Provisionen f�r GMX Partner: http://www.gmx.net/de/go/partner
participants (5)
-
andreas.hanke@gmx-topmail.de -
Christian Boltz -
Johan N. -
Robert Schiele -
Wolfgang Rosenauer